Creating moderated user accounts using CreateUserWizard and ASP.NET 2.0 default providers

Categories: ASP.NET 2.0, ASP.NET 2.0 Posted by AlexanderZeitler on 12/19/2005 4:43 PM | Comments (3)

Actually I'm developing an online shop where one of the software requirements is, that users can register themself - but their accounts will be disabled until they're proofed by an Admin.

Since ASP.NET 2.0 Membership default providers don't provide a simple method for disabling an user's account, I solved it this way (without implementing my own Membership Provider):

1. Setup ASP.NET 2.0 Membership Database (or enhance existing database with Membership features):

Run: aspnet_regsql.exe -E -S localhost -A mrp -d MyExistingDB

which add's membership, role and profile tables, views and stored procedures to your database.

2. Add SqlMembershipProvider and SqlProfileProvider declaration to your web.config:

<connectionStrings>
<add name="MyShopConnectionString" connectionString="Data Source=DEVBOX\SQL2K;Initial Catalog=MyShop;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>

<system.web>
<profile defaultProvider="SqlProfileProvider">
<providers>
<add name="SqlProfileProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="MyShopConnectionString" />
</providers>
<properties>
<add name="Enabled" type="bool"/>
</properties>
</profile>

<membership defaultProvider="SqlMemberShipProvider">
<providers>
<add name="SqlMemberShipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MyShopConnectionString"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0" />
</providers>
</membership>

As you can see, I've added a Profile property called "Enabeld" type of "bool" which holds the information whether the user is enabled or disabled.

The next step leads to the register.aspx, which contains a CreateUserWizard control which has been modified optically (that doesn't matter at all):

The required changes made to the CreateUserWizard are:

Changing the LoginCreatedUser property to false and...

Adding the following code to the CreatedUser-Event of your CreateUserWizard:

ProfileCommon prof = Profile.GetProfile(MyCreateUserWizard.UserName);
prof.Enabled = false;
prof.Save();

The last step is to add a Login Control to your login.aspx:

and adding the following code to the LoggedIn-Event of your Login control:

ProfileCommon pc = Profile.GetProfile(MyLoginControl.UserName);
if (!pc.Enabled) {
   FormsAuthentication.SignOut();
   Response.Redirect("AccountDisabled.aspx");
}

Comments

Comments are closed